package com.sun.demo.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 放开actuator端点接口和hi相关接口权限
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.authorizeRequests()
                 // 排除/actuator和/hi所有接口
                 .antMatchers("/actuator/**", "/hi/**").permitAll()
                 // 任何路径都能访问
                 .anyRequest().authenticated()
                 // 关闭csrf防护
                 .and().csrf().disable();
     }

 }
